FW: [OVAL-REMEDIATION-DISCUSSION-LIST] Standardized Vulnerability Remediation and System Modification
To add a little more clarity,
There are major challenges, one of which is the level of funding
resources from NIST or elsewhere for this initiative. On the other hand,
the issue of remediation with virtualization is a real technical
challenge and virtualization is a hot potato. I don't know if anyone
has an elegant simple solution for remediation in this scenario, but I
do not have such on my desk at the moment.
To me, I see vendors individually kludging solutions, or combining all
of our expertise, we can try zero-base engineering a solution for the
evolving challenges. The solution may not make it, but the exercise of
trying to find a solution will likely benefit our individual solutions.
In short, I see a bunch of remediation challenges coming over the
horizon, and prefer a co-operative community solution initiative. It may
not work, but the journey may be very beneficial. In short, I agree
with many of Kent's points -- but I am looking for side-effects of the
journey and not the final destination.